Re: chroot named

From: Bill Vermillion (bill@wjv.com)
Date: 08/21/01


Date: Tue, 21 Aug 2001 12:24:54 -0400
From: Bill Vermillion <bill@wjv.com>
To: security@FreeBSD.ORG

On Tue, Aug 21, 2001 at 09:03:39AM -0700, security-digest thus sprach:

> chroot named
> Re: chroot named

> Date: Mon, 20 Aug 2001 23:18:42 +0200
> From: "Koji" <koji@ciberteca.com>
> Subject: chroot named

> Hi, I'm configuring named with chroot, but I have two questions.

> Are the files ld-elf.so.1, libc.so.4, libutil.so.3 and
> named-xfer necessary? I have tried named with and without these files
> and it works correctly (both ways work correctly). Which files
> are really indispensable?

> What are the best perms for /etc/namedb/chroot?
> chown -R bind:bind /etc/namedb/chroot
> chmod -R 750 /etc/namedb/chroot
> (handbook's documentation, all files)

> or

> chown -R bind:bind /etc/namedb/chroot/etc/namedb/s
> chmod -R 750 /etc/namedb/chroot/etc/namedb/s
> (only domain configuration files)

What are the advantages of doing that versus the flag options
to named?

#named_flags="-u bind -g bind" # Flags for named

As in /etc/passwd we see this:
bind:*:53:53:Bind Sandbox:/:/sbin/nologin

I really am not sure, that's why I ask. What are the
advantages and disadvantages of each approach?

-- 
Bill Vermillion -   bv @ wjv . com